DUKE Integrity In Action
Duke Health Compliance Program
We strive to achieve excellence and maintain the
highest ethical standards in the way we serve patients
and conduct business, research, and education.
SECTION ONE: DUKE MEDICINE COMPLIANCE :: 2
INTEGRITY IN ACTION
Dear Colleagues:
This Code of Conduct, “Integrity in Action,” presents the principles that guide our work at Duke University Health System (DUHS), Duke
Connected Care (DCC), the Private Diagnostic Clinic PLLC (PDC), Duke University School of Medicine (SOM), and the School of Nursing
(SON) (hereinafter “Duke Health”).
We strive to achieve excellence and maintain the highest ethical standards in the way that we serve our patients and conduct business,
research, and education.
Our Code of Conduct and our Compliance Program provide the framework to ensure that these high standards of conduct are
demonstrated consistently across our organization and that we live out our common mission, vision, and values on a daily basis.
Success in our mission to provide the very best of health care, medical education, and research depends upon the commitment of
each one of us toward these shared ideals. By demonstrating integrity in every action we take, we will continue to earn the trust of our
patients, the loyalty of our colleagues, and the respect of the communities we serve.
Sincerely,
A. Eugene Washington, M.D., M.Sc.
Chancellor for Health Affairs, Duke University
President and CEO, Duke University Health System
INTEGRITY IN ACTION :: 3
INTRODUCTION
Within Duke Health, we have created a Compliance Program and a Code of Conduct, Integrity in Action, to show our commitment
to doing things the right way. Here are some key points about our Compliance Program:
WHAT IS COMPLIANCE?
Compliance is doing the right thing by following the rules.
It means we understand and comply with all the laws and
policies that apply to our organization. We ask questions,
report compliance concerns, and address issues.
WHO IS RESPONSIBLE FOR COMPLIANCE?
Every person here. This includes every employee, governing
board member, administrator, physician, student, volunteer,
as well as those with whom we do business.
WHAT DO I DO IF I THINK A LAW OR POLICY IS
NOT BEING FOLLOWED?
You must report it. Every person is required to report
suspected instances of Fraud, Waste and Abuse, as well as,
noncompliance with laws or policies. You can:
ƒƒ Contact your supervisor or other managers up the chain
of command
:: 4 :: 4
SECTION ONE:
INTEGRITY
IN ACTION:
DUKE MEDICINE
INTRODUCTION
COMPLIANCE
ƒƒ Contact your respective compliance officer. See the phone
numbers for your contacts on the back of the Code of
Conduct.
ƒƒ Or if you want to report a concern anonymously, call the
Integrity Line: 1-800-826-8109
WHAT WILL HAPPEN IF I REPORT
A COMPLIANCE CONCERN?
The concern will be investigated and addressed appropriately.
If you report a compliance concern in good faith, you are
protected from retaliation or retribution. For reference
see: DUHS policies on Non-Retaliation/Non-Retribution:
egrc.duhs.duke.edu
INTEGRITY IN ACTION: CODE OF CONDUCT
for Duke Health
DUKE UNIVERSITY HEALTH SYSTEM
DUKE CONNECTED CARE
PRIVATE DIAGNOSTIC CLINIC PLLC
DUKE UNIVERSITY SCHOOL OF MEDICINE
DUKE UNIVERSITY SCHOOL OF NURSING
SECTION ONE: DUKE MEDICINE COMPLIANCE :: 5
TABLE OF CONTENTS
SECTION ONE:
DUKE HEALTH COMPLIANCE.........................PAGE 7
SECTION THREE:
INTEGRITY IN OUR ACTIONS..........................PAGE 27
The Code of Conduct
Which Laws and Regulations Apply to Our Work?
The Compliance Program
What If I Think a Law or Policy Is Not Being Followed?
The Integrity Line: 1-800-826-8109
What Will Happen If I Report a Compliance Concern?
Expectations for Consultants and Vendors
Privacy/Confidentiality
Marketing
Conflict of Interest and/or Commitment
Professional Accountability Program
Political Activity and Contributions
Government Investigations
SECTION TWO:
OUR RESPONSIBILITIES TOWARD OTHERS.....PAGE 15
DUHS Mission, Vision and Values
Patient Care and Patients’ Rights
Interactions with Physicians and
Other Health Care Providers
The Work Environment
Education and Teaching
Research
INTEGRITY IN ACTION: TABLE OF CONTENTS :: 6
SECTION FOUR:
FINANCIAL AND BUSINESS STANDARDS........PAGE 35
Documentation
Coding and Billing
False Claims Act
Financial Reporting
Safeguarding Our Assets
Contracts
SECTION FIVE:
WE WANT YOUR FEEDBACK.......................PAGE 41
Duke Health COMPLIANCE
Section
1
SECTION ONE: DUKE MEDICINE COMPLIANCE :: 7
THE CODE OF CONDUCT
The Code of Conduct is designed to provide you,
a valued member of our organization, with a clear
understanding of what is expected in the workplace.
The Code applies to every employee, governing
board member, member of the medical staff, DCC
providers and staff, student, volunteer, as well as to
those with whom we do business. This Code does
not cover every situation. Instead, it provides broad
guidelines that are detailed in each entity’s policies
and procedures.
DUHS policies:
Duke Health Policy Center (egrc.duhs.duke.edu)
PDC policies:
Private Diagnostic Clinic, PLLC
(intranet.dm.duke.edu/ent/pdc)
Duke University policies:
(http://duke.edu/policies/)
SECTION ONE: DUKE HEALTH
MEDICINE
COMPLIANCE
COMPLIANCE:: ::8 8
WHICH LAWS AND REGULATIONS
APPLY TO OUR WORK?
We strive to comply with the laws, regulations, standards,
and policies that apply to Duke Health.
These address activities such as: (1) honoring patients’
rights; (2) maintaining and retaining records; (3) billing
and coding for services; (4) providing quality of care;
(5) negotiating and complying with all aspects of grants and
contracts; (6) provide a work environment which promotes
behaviors which are conducive to a culture of safety and
consistent with the DUHS value based culture; (7) ensuring
physicians are consistently exhibiting behaviors that support
our important health system values; (8) protecting the health
and safety of human and animal subjects in research; (9)
complying with licenses and permits; (10) protecting the
confidentiality of patient, business, and personal information;
and (11) complying with all laws governing federal and
state-funded health care programs and the requirements
of insurance companies.
THE COMPLIANCE PROGRAM
Compliance is understanding your job responsibilities and
following the rules and policies that apply to Duke Health. Our
Compliance Program was created to make sure that
our workforce is properly trained to follow all the laws,
regulations, and policies that relate to our operations and
to provide a way for the workforce to raise compliance
concerns and ask questions.
DUHS, PDC, and Duke University have compliance officers that
oversee our Compliance Programs. The DUHS, PDC, and Duke
University compliance offices are responsible for facilitating:
1) delivery of compliance training to all of our workforce
members, including employees, physicians, volunteers,
vendors, and others within our organization; 2) monitoring
activities to review business practices to make sure we comply
with applicable laws, regulations, and policies; 3) responding to
questions and concerns of staff; and 4) processes that assure
compliance problems are reported and addressed.
SECTION
SECTION
ONE:
ONE:
DUKE
DUKE
MEDICINE
HEALTH COMPLIANCE :: 9
THE COMPLIANCE PROGRAM, continued
These compliance offices answer questions about
compliance issues and work with the Office of
Counsel to respond to government inquiries.
Entities within our organization also have individual
facility compliance officers who work with the
DUHS, PDC, and Duke University compliance offices
to support compliance activities within his or her
facility, division or school.
Each entity within Duke Health has a Compliance
Committee that is responsible for: (1) implementing,
maintaining, and improving the Compliance Program
and this Code; (2) making sure we uphold the
standards in this Code; and (3) making sure that
people can report compliance concerns without
fear of retribution or retaliation.
SECTION ONE: DUKE HEALTH COMPLIANCE :: 10
WHAT IF I THINK A LAW OR POLICY
IS NOT BEING FOLLOWED?
You must report it. If employees, governing board members,
members of the medical staff, students, volunteers, or
vendors suspect that a law, regulation, policy, or this Code
is being violated:
ƒƒ Contact management or your supervisor about your
concern or problem.
ƒƒ If you feel uneasy talking to your supervisor, voice your
concern to the next supervisory level, up to and including
the highest level of management.
THE INTEGRITY LINE 1-800-826-8109
Sometimes you may wish to report a compliance concern
anonymously and not through the normal chain of authority.
In that case, report your concern through the Integrity Line:
1-800-826-8109.
Calls to the Integrity Line are not traced. Callers do not have
to give their name; however, they may do so in order to
provide additional information if needed. If callers do
identify themselves, their confidentiality will be protected
to the extent permitted by law.
ƒƒ You may also contact your facility compliance officer
or the DUHS, PDC, or Duke University Compliance
Officer. See their phone numbers on the back of the
Code of Conduct.
ƒƒ Call the Integrity Line at 1-800-826-8109 to report
anonymously.
SECTION ONE: DUKE HEALTH COMPLIANCE :: 11
WHAT WILL HAPPEN IF I REPORT
A COMPLIANCE CONCERN?
Duke Health Compliance Offices evaluate all reports promptly,
completely, and fairly. The respective office does not act on
any report until it makes sure the report is valid.
ƒƒ Duke Health Compliance Offices protect the confidentiality
and other rights of all personnel,
including anyone who is the subject of a compliance
complaint.
ƒƒ Anyone who violates applicable policies, laws, regulations,
or this Code may be disciplined. People may also be
disciplined if they do not report a compliance violation.
Disciplinary action may include being terminated or having
a contract revoked.
ƒƒ You may ask the Compliance Office how your report was
investigated and what the results were. The office will
provide information to the extent permissible.
SECTION ONE: DUKE HEALTH COMPLIANCE :: 12
The Compliance Reporting Non-Retaliation and
Non-Retribution Policy ensures that no one is penalized
for reporting what he or she honestly believes is a
compliance problem. However, if someone purposely
falsifies or misrepresents a report of wrongdoing, —
whether to protect him or herself or to hurt someone
else, — that person will not be protected under this policy.
DUHS policy can be found at: egrc.duhs.duke.edu
Duke University Statement of Ethical Principles and Code of
Conduct can be found at: compliance.duke.edu
NON-RETALIATION/
NON-RETRIBUTION POLICY
ƒƒ There will not be any retaliation as a result of reporting
in good faith, regardless of whether or not a violation is
found to have occurred.
ƒƒ Retaliation is a violation of the Compliance Program
and will not be tolerated and must be reported.
ƒƒ Reports of retaliation will be investigated thoroughly and
quickly and can result in disciplinary action, up to and
including termination of employment.
DUHS policies can be found at: egrc.duhs.duke.edu
Duke University Statement of Ethical Principles and Code of
Conduct can be found at: compliance.duke.edu
SECTION ONE: DUKE HEALTH COMPLIANCE :: 13
EXPECTATIONS FOR CONSULTANTS
AND VENDORS
Consultants, service providers, vendors, and independent
contractors (“vendors”) are an integral part of Duke Health’s
performance of its activities, and it is a priority of ours
to ensure that vendors, along with us, participate in the
Compliance Program and uphold the Code of Conduct, Duke
Health policies, applicable laws and regulations, and Joint
Commission standards when providing services to and for
us. Vendors are required to participate in the Duke Health
Compliance Program as demonstrated by vendors’ review and
acknowledgment of the Code of Conduct. To ensure vendors’
participation, all vendor staff is required to register and
complete the necessary training prior to entering one of our
facilities. In accordance with the Conflict of Interest and Gifts
and Courtesies policies, vendors are prohibited from providing
gifts or courtesies, including entertainment, travel, food,
business luncheons, mugs, pens, or any other
SECTION ONE: DUKE HEALTH COMPLIANCE :: 14
marketing materials regardless of value. Duke Health provides
all vendors with a copy of the Code of Conduct. We make
relevant training and education programs available to
vendors. It is required that vendors also abide by our Vendor
Policy. Information regarding the policy and other visitation
requirements is available at finance.duke.edu/procurement.
OUR RESPONSIBILITIES
TOWARD OTHERS
Section
2
DUHS MISSION, VISION
& VALUES
The culture at Duke Health is based on the DUHS
Mission, Vision and Values.
Mission
As a world-class academic and healthcare system
Duke Health strives to transform medicine and
health locally and globally through innovative
scientific research, rapid translation of breakthrough
discoveries, future clinical and scientific leaders,
advocating and practicing evidence-based medicine
to improve community health, and leading efforts to
eliminate health inequalities.
Vision
Duke Health seeks to transform health care,
teaching, and to benefit society. We believe we can
accomplish this vision by:
ƒƒ Making important advances in biomedical science
and fundamental research.
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 16
DUHS MISSION, VISION & VALUES, continued
ƒƒ Fostering a multidisciplinary environment in the lab and
clinic that unites our efforts to prevent illness, treat disease,
and care for our patients.
Values
ƒƒ Translating discoveries into clinical practice.
Excellence: We strive to achieve excellence in all
that we do.
ƒƒ Designing clinical interventions and measuring their
effectiveness.
ƒƒ Creating innovative approaches to health and wellness
ƒƒ Addressing health disparities in our community and around
the world.
ƒƒ Sharing our vision and advances globally through
wide-reaching programs and collaborations.
ƒƒ Training the scientists, clinical professionals, administrators,
and community advocates who will lead this work in
the future.
Core Value: Caring for our Patients, Their Loved Ones, and
Each Other through:
Safety: We hold each other accountable to constantly
improve a culture that ensures the safety and welfare of all
patients, visitors and staff.
Integrity: Our decisions, actions, and behaviors are based on
honesty, trust, fairness, and the highest ethical standards.
Diversity: We embrace differences among people.
Teamwork: We have to depend on each other and work well
together with mutual respect to achieve common goals.
ƒƒ Investing in technologies, tools, infrastructure, and
people—the foundations of success.
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 17
PATIENT CARE AND
PATIENTS’ RIGHTS
We are committed to treating patients with dignity
and respect. Here are some specific ways:
ƒƒ We provide our patients with safe, high-quality
medical care without discrimination, which is
compassionate and respects personal dignity,
values, and beliefs.
ƒƒ We provide clinical care to our patients without
regard to an individual’s race, color, national
origin, religion, gender, age, sexual orientation,
gender identity, genetic information, veteran
status or disability.
ƒƒ We honor patients’ rights to participate in
and make decisions about their care and pain
management, including the right to refuse care
when permitted by law.
ƒƒ We provide our patients with information
about their illness, treatment, pain, alternatives,
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 18
PATIENT CARE AND PATIENTS’ RIGHTS, continued
and outcomes in a manner they can understand.
Interpretation services are provided when needed.
ƒƒ We identify ourselves to our patients, giving our
name and role as a health care provider (doctor,
nurse, etc.).
ƒƒ We advise our patients that they have the right to
request a family member, friend, and/or physician be
notified that they are under our care.
ƒƒ We will not commit any act or omission, nor adopt
any policy that inhibits our Medicare beneficiaries
aligned with DCC from exercising their basic freedom
of choice to obtain services from health care providers
and entities.
ƒƒ We ensure that our patients receive information
about transfers to other facilities or organizations,
including alternatives to transfer.
ƒƒ We provide patients the opportunity to participate
in research or decline to participate in research.
Patients may decline to participate at any time
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 19
PATIENT CARE AND PATIENTS’ RIGHTS, continued
without compromising access to care, treatment,
or services.
ƒƒ We respect patients’ right to private and
confidential treatment, communications, and
medical records in accordance with all legal
requirements.
ƒƒ We welcome receipt of patient concerns and
complaints so they can be addressed. Sharing
concerns and complaints will not compromise a
patient’s access to care, treatment, and services.
ƒƒ We respect patients’ right to receive visitors,
including but not limited to, spouse, domestic
partner (including same sex partner), other family
members, or friends.
Additional information on patients’ rights is available
in DUHS Policies: Patient’s Rights and Responsibilities
Policy, Interfacility Inpatient Transfers Policy, and
Emergency Medical Treatment and Labor Act
(EMTALA) Policy. (egrc.duhs.duke.edu)
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 20
INTERACTIONS WITH PHYSICIANS
AND OTHER HEALTH CARE
PROVIDERS
We strive to maintain the highest standards in accepting
patient referrals and interacting with
other providers.
ƒƒ We abide by laws that relate to patient referrals.
ƒƒ We make and accept patient referrals and consultations
based on medical needs.
ƒƒ We do not pay anyone or offer benefits to anyone for
giving or asking for a referral or consultation.
ƒƒ Our relationships with physicians comply with
all applicable laws. If you have a question about
relationships between DUHS, PDC, Duke University,
and any referring/consulting physician, contact one
of the Compliance Offices or the Office of Counsel,
or review the DUHS Policies (egrc.duhs.duke.edu)
on Gifts and Courtesies and Compensated Physician
Services Agreements.
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 21
THE WORK ENVIRONMENT
We make every effort to provide all employees and
others at our organization with the best possible
work environment.
ƒƒ We follow all federal, state, and Equal Employment
Opportunity Commission laws and regulations for
recruiting and retaining qualified employees.
ƒƒ We adhere to the Duke University Guiding Principles
and Workforce Rules.
ƒƒ We strive to resolve conflict through mediation and
our dispute-resolution process.
ƒƒ We cooperate with the respective Compliance Offices
in the investigation of any allegations.
ƒƒ We maintain a harassment-free work environment and
conduct ourselves appropriately, treating each other
with dignity and respect. Harassment is defined as the
creation of any hostile or intimidating environment
in which verbal or physical conduct is severe or
persistent enough to cause significant interference
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 22
THE WORK ENVIRONMENT, continued
with a staff member’s work, education, or on-site living
condition. Harassment is not limited to conduct of a sexual
nature. Duke also prohibits harassment based upon an
individual’s race, color, national origin, religion, gender, age,
sexual orientation, gender identity or expression, genetic
information, veteran status, or disability.
ƒƒ We report to work free of impairment from drugs
and alcohol.
ƒƒ We follow all laws, regulations, and policies related to
environmental health and safety, including fire, chemical,
biological, ergonomic, radiation, and electrical safety.
ƒƒ We make sure that medical waste and hazardous materials
are handled, transported, and disposed properly.
ƒƒ We take reasonable steps to keep our workplace safe and
avoid harming co-workers, patients, visitors, and ourselves
through behaviors which are conducive to a culture of
safety and consistent with the DUHS value based culture.
ƒƒ We report all incidents and accidents according to
department policies.
ƒƒ We understand our responsibilities during emergency
situations, including severe weather and disasters.
ƒƒ We follow practices that reduce the spread of infection,
such as washing hands, wearing personal protective
equipment, and following isolation procedures.
ƒƒ We store all drugs, pharmaceuticals, chemicals, and
radioactive materials safely and maintain proper records.
For human resources policies including Duke University
Guiding Principles and Workforce Rules, go to hr.duke.edu.
For safety policies, go to safety.duke.edu.
We are committed to making sure that our employee
hiring, screening, and disciplinary procedures and policies
meet the requirements of the Compliance Program. We do
not contract with, employ, or bill for services rendered by
an individual or entity that is excluded from participating
in federal health care programs, has been suspended or
debarred from federal contracting, or has been convicted of a
criminal offense related to the provision of health care.
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 23
EDUCATION AND TEACHING
Education and teaching are part of the core mission
of Duke Health. We provide and encourage continued
learning for our personnel and associated health care
providers. We educate future health care providers
and leaders. We educate patients and their families,
significant others, or caregivers about a patient’s
condition and care. And we educate the communities
we serve about health care topics of concern to them.
ƒƒ When students or trainees participate in patient care,
we provide the supervision needed to ensure that all
aspects of patient care are appropriate.
ƒƒ We provide meaningful and practical learning
experiences for health care students and trainees.
ƒƒ We provide training and education that support
individuals’ career development and advance the
performance of the organization as a whole.
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 24
EDUCATION AND TEACHING, continued
ƒƒ We complete all training (e.g. Compliance, HIPAA,
Lab Safety, and Fire & Safety) that is required for us
to do our work, as well as to ensure that Duke Health
is compliant with all applicable laws, regulations, and
policies.
ƒƒ Our compliance education program works to ensure
that every employee, governing board member,
member of the faculty, medical staff, student, vendor,
and volunteer understands this Code of Conduct and
the basic principles of the Compliance Program. All of
these individuals sign a statement showing that they
have received a copy of this Code and agree to abide
by its terms.
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 25
RESEARCH
We follow the highest ethical standards and comply
with federal and state laws and regulations, as well as
with our own policies in any research, investigations,
and clinical trials involving human subjects or animals.
We educate all personnel who serve on or would be
expected to interact with the Institutional Review
Boards (for human subjects) and the Institutional
Animal Care and Use Committee (for animal subjects)
about applicable laws, regulations, and guidelines,
including those of the Office for Human Research
Protections, as well as our own policies and procedures.
Procedures and guidelines for research can be found
at irb.mc.duke.edu, compliance.duke.edu and
docr.som.duke.edu.
SECTION TWO: OUR RESPONSIBILITIES TOWARD OTHERS :: 26
Section
INTEGRITY IN OUR ACTIONS
3
PRIVACY/CONFIDENTIALITY
We use confidential information—information that should
remain private, whether medical, staff-related, business,
financial, or personal—only as needed to do our jobs. We
respect and maintain the confidentiality of patients’ protected
health information.
Protected health information (PHI) is any health information
that could identify a particular person. The person could be
living or deceased. The information could be about the past,
present, or future health of a person. The information could
be written on paper, displayed or stored in computers, or it
could be spoken. Examples include patient charts, reports,
x-rays, billing systems, nursing notes, and conversations
about patients.
Under the HITECH Act, Duke Health has the obligation to
report breaches of PHI. A breach is generally presumed when
an incident of an unauthorized use, access or disclosure
under the Privacy Rule occurs – unless the Compliance Office
performs a risk analysis that reveals a low probability that PHI
has been compromised.
SECTION THREE: INTEGRITY IN OUR ACTIONS :: 28
Upon the determination of a breach incident, Duke has
reporting responsibilities to the patient, research subject, and
the Department of Health and Human Services. ALL STAFF
have a duty to report any allegation of a breach, including
unauthorized accesses or disclosures, to their manager and/or
to their respective Compliance Office.
Consistent with the North Carolina Identity Theft Protection
Act, we have procedures in place to protect the confidential
nature of Social Security Numbers (SSN) without creating
unjustified obstacles to the conduct of the business of Duke
Health. We take the appropriate measures to protect against
unauthorized access or use of personal information.
To protect the confidentiality of patient information,
we strictly follow our privacy and security policies and
procedures.
ƒƒ We access only the information that we need to perform
our work.
PRIVACY/CONFIDENTIALITY, continued
ƒƒ We do not share information with others unless there is
a legitimate need for others to know the information in
order to perform their work.
ƒƒ We only use Duke’s shared network or approved secure
cloud storage to store files containing PHI. For more
details, go to security.duke.edu
ƒƒ We do not access the patient information of our colleagues,
friends or family members without appropriate written
authorization or when it is not part of our job responsibility.
We also take steps to maintain the confidentiality of:
ƒƒ Because so much of our information is generated and
contained within our computer systems, we protect our
computer systems and the information contained in them
by creating a strong password, not sharing passwords,
and by adhering to our information security policies and
procedures.
ƒƒ When sending patient information electronically, we do
so securely, using encryption as required by privacy and
security policies.
ƒƒ We protect electronic patient information by ensuring we
only use mobile devices that are properly encrypted such as
encrypted laptops, thumb drives and other mobile devices.
ƒƒ Information about personnel actions.
ƒƒ Private financial, pricing, and cost information not
of public record.
ƒƒ Information regarding intellectual property (such as
inventions) of the organization that is not intended for
public disclosure and similar information of other entities
that is shared with the organization on a confidential basis.
ƒƒ Computer software programs.
ƒƒ Service provider, vendor, or contractor information.
ƒƒ We do not discuss sensitive topics involving business
operations with any competitors, service providers,
vendors, or other contractors without the approval
of the appropriate supervisor.
SECTION THREE: INTEGRITY IN OUR ACTIONS :: 29
PRIVACY/CONFIDENTIALITY, continued
ƒƒ We do not obtain confidential information about
competitors through improper means.
ƒƒ We do not post sensitive information including PHI
or patient pictures on personal social media pages.
ƒƒ When we have questions or wish to report concerns
regarding confidentiality, contact your respective
Compliance Office using the phone numbers listed
on the back of the Code of Conduct.
For more details, see the Breach of Protected Health
Information/Patient Privacy Policy, Confidentiality
Agreement, Protecting the Confidentiality of Social
Security Numbers, and Electronic Communication policy
at (egrc.duhs.duke.edu).
SECTION THREE: INTEGRITY IN OUR ACTIONS :: 30
PRIVACY AND SECURITY TIPS
Protecting Spoken Information
ƒƒ Don’t leave papers unattended.
ƒƒ Knock first and ask to enter patient room.
ƒƒ Use a cover sheet and check the fax number when faxing
confidential information.
ƒƒ Close doors or curtains when talking about treatments
or doing procedures.
Protecting Information on Computers
ƒƒ Speak softly in semi-private rooms.
ƒƒ Keep computer screens pointed away from the public.
ƒƒ Ask permission before speaking about a patient’s care in
front of visitors.
ƒƒ Log off or secure your workstations when leaving your
work area.
ƒƒ Don’t discuss patient information in waiting rooms, the
cafeteria, and other public areas.
ƒƒ Keep passwords secure.
ƒƒ Direct visitors to the information desk.
ƒƒ Properly encrypt handheld devices and laptops.
ƒƒ Don’t leave messages about patient conditions on
answering machines.
ƒƒ Store files containing PHI only on Duke’s shared network
or approved secure cloud storage.
Protecting Information on Paper
ƒƒ Use encryption when sending e-mails containing patient
and other confidential information.
ƒƒ Find the owner of “lost” papers.
ƒƒ Shred information no longer needed.
ƒƒ Report computer viruses.
ƒƒ Research protocols utilizing protected health information
should have a current research data security plan on file
with the institutional review board.
SECTION THREE: INTEGRITY IN OUR ACTIONS :: 31
MARKETING
We use many forms of communication to provide and
receive information between our co-workers, those we serve,
those with whom we conduct business, and the public.
Communication may occur verbally or through written
documents, electronic mail (e-mail), facsimile (fax), voice mail,
by computer, audio and video recordings, and marketing.
ƒƒ We make sure we use all forms of communication
appropriately.
ƒƒ We release information to the media, public, and courts
only through the appropriate channels in accordance with
the DUHS Policy: Media Inquiries (egrc.duhs.duke.edu)
ƒƒ We present all communication regarding our services,
including marketing and advertising, in a truthful and
informative manner that provides a fair representation
of services and care provided.
ƒƒ We will adhere to all federal and state laws, regulations
and rules governing marketing and advertising. Marketing
materials related to DCC will be submitted to the relevant
governmental agency, including Medicare, for approval
prior to use.
SECTION THREE: INTEGRITY IN OUR ACTIONS :: 32
CONFLICT OF INTEREST
AND/OR COMMITMENT
Staff members are expected to always perform their work
for the benefit of Duke and its patients, students, and
customers. Duke defines “Conflict of Interest” and “Conflict
of Commitment” as follows:
ƒƒ Conflict of Interest: A “Conflict of Interest” exists when a
staff member has a relationship with an outside organization
that can potentially bias the staff member in such a way
that he/she (or a member of their immediate family) could
potentially stand ultimately to benefit financially by his or her
relationship to that outside organization.
ƒƒ Conflict of Commitment: A “Conflict of Commitment”
exists when a staff member (or a relative of a staff
member) has a relationship with an outside organization
that may potentially bias or influence the staff member
in making decisions in his or her capacity as a Duke
employee. Any relationship with an outside organization
that requires frequent and/or prolonged absence from
Duke may represent a Conflict of Commitment.
CONFLICT OF INTEREST AND/OR COMMITMENT, continued
ƒƒ In our business relationships with consultants, service
providers, suppliers, vendors, and other contractors,
we base all of our decisions on quality of services and
products, competitive pricing, and organizational policy—
not on personal relationships or personal benefit.
ƒƒ We do not offer, solicit, or accept any gifts or gratuities
that may influence or appear to influence our objectivity
in performing our work.
ƒƒ DCC, its providers, staff, and contractors are prohibited
from providing gifts to beneficiaries as inducements for
receiving services from or remaining with DCC or its
providers.
Please review the Duke Health Gifts and Courtesies Policy.
Supervisors should consult with their respective Compliance
Office for questions they may have about gifts.
POLITICAL ACTIVITY
See the DUHS (egrc.duhs.duke.edu) and Duke University
(compliance.duke.edu) conflict of interest policies
and the Duke Health Gifts and Courtesies Policy
(egrc.duhs.duke.edu) and Frequently Asked Questions
attached to the policies.
SECTION THREE: INTEGRITY IN OUR ACTIONS :: 33
POLITICAL ACTIVITY
AND CONTRIBUTIONS
approach to reporting, identifying, monitoring and
responding to physician needs as they arise.
Employees are encouraged to vote and take part in the
political process. However, the use of DUHS, PDC, or SOM/
SON property or funds to support a political cause, party, or
candidate for public office is prohibited.
GOVERNMENT INVESTIGATIONS
ƒƒ We do not use Duke Health assets such as telephones,
copiers, and our work time to support any political activity.
ƒƒ We clearly indicate that the political views we express as
individuals are our own.
PROFESSIONAL ACCOUNTABILITY
PROGRAM (PACT)
The PACT program is designed to foster a safe and productive
work environment by promoting physician behaviors which
are conducive to a culture of safety and consistent with
the DUHS value based culture. PACT supplements ongoing
professionalism efforts by providing a more consistent
SECTION THREE: INTEGRITY IN OUR ACTIONS :: 34
We fully comply with the law and cooperate with any
appropriate request by a government agency for information.
Any non-routine inquiry, civil investigative demand, subpoena,
or request of another agency regarding DUHS, PDC, SOM/
SON or any facility, division, or person associated with DUHS,
PDC, and SOM/SON should be reported immediately to the
DUHS, PDC, or Duke University Compliance Office, a DUHS
Facility Compliance Officer, or the administrator on call.
This notification will ensure that the appropriate individuals,
including the Office of Counsel, are made aware of the
request and can properly respond to it, and that all patient
privacy rights are maintained. See DUHS (egrc.duhs.duke.
edu) and PDC (intranet.dm.duke.edu/ent/pdc) policies on
Search Warrant, Subpoena, and Civil Investigative Demand
and Visits by Investigators or Auditors. See Duke University’s
(compliance.duke.edu) Notification policy.
FINANCIAL AND
BUSINESS STANDARDS
Section
4
DOCUMENTATION
We are committed to timely and accurate documentation
across all functions, which include patient/caregiver
interventions, services provided, and/or goals or
outcomes achieved.
ƒƒ We do not falsify any record, contract, or other
document.
ƒƒ We truthfully and accurately maintain all paper
and electronic data, including medical records and
financial reports, in accordance with applicable laws,
regulations, and policies.
ƒƒ Only authorized individuals should access medical
and billing records.
ƒƒ We are responsible for the accuracy of clinical
documentation, including any carried forward
documentation. The clinician is responsible to update
any carried forward content and verify the accuracy
and medical necessity of current encounter.
ƒƒ We maintain all medical and billing records as
required by law.
SECTION FOUR: FINANCIAL AND BUSINESS STANDARDS :: 36
ƒƒ All cost reports submitted comply with federal
and state laws, regulations, and guidelines.
ƒƒ We will submit accurate quality and other relevant data in
accordance with federal and state laws, regulations and
guidelines.
ƒƒ We store medical and billing records in a safe and secure
place for the time required by law or policy.
ƒƒ We maintain and retain documents related to the
respective Compliance Program.
CODING AND BILLING
Coding is the way we identify and classify health information
(such as diseases and procedures) based on the care provided
as documented in a patient’s medical record. Submitting
these codes in the billing process is the way we identify
charges for services we have provided. Our coding and
billing practices strive to comply with all laws governing
federal- and state-funded health care programs, and with the
requirements of insurance companies.
ƒƒ We are committed to timely, complete, and accurate
coding and billing. We bill only for services that we
actually provide, document, and believe to be
medically necessary.
ƒƒ We select billing codes that we believe in good faith
accurately represent the services that we provide and
that are supported by documentation in the medical
record according to regulatory requirements and
guidelines.
ƒƒ We address and respond to billing and coding inquiries
and questions.
ƒƒ We make every effort to correct inaccuracies in billing in a
timely manner as required by applicable laws and policies.
ƒƒ Employees should report concerns regarding the
appropriateness of coding and billing practices to the
appropriate supervisor, Facility Compliance Officer,
or the DUHS, PDC, or Duke University Compliance Office.
SECTION FOUR: FINANCIAL AND BUSINESS STANDARDS :: 37
FRAUD, WASTE AND ABUSE
FALSE CLAIMS ACT
To prevent Fraud, Waste and Abuse: Follow DUHS’ Code
of Conduct, DUHS Policies and procedures, document for
services that are actually performed, report concerns of
violations. There is no retaliation for good faith reporting of
concerns.
It is a violation of the Federal and North Carolina False Claims
Act to knowingly submit or cause another person or entity to
submit false claims for payment of government funds, such
as filing with Medicare a claim for payment for services that
were not provided. Penalties for such action(s) may be three
times the amount the government paid out for damages
plus civil penalties of $5,500 to $11,000 per false claim,
and criminal cases may include imprisonment. Health care
organizations also can be excluded from participation
in federal health care programs. The False Claims Act contains
provisions that allow employees with actual knowledge of
alleged false claims to sue on behalf of the government.
These individuals will be protected from retaliation, e.g.
harassment, demotion, and wrongful termination, as a
result of the employee’s lawful acts in furtherance of a false
claims action.
ƒƒ FRAUD: Intentionally submitting false information to the
government or a government contractor in order to get
money or a benefit.
ƒƒ WASTE: Overutilization of services, or other practices
that, directly or indirectly, result in unnecessary costs to
the Medicare Program. Waste is generally not considered
to be caused by criminally negligent actions but rather the
misuse of resources.
ƒƒ ABUSE: Actions that may, directly or indirectly, result
in unnecessary costs to the Medicare Program. Abuse
involves payment for items or services when there is not
legal entitlement to that payment and the provider has
not knowingly and/or intentionally misrepresented facts to
obtain payment.
SECTION FOUR: FINANCIAL AND BUSINESS STANDARDS :: 38
FINANCIAL REPORTING
Our organization’s financial information serves as
the basis for managing our business so that we
are able to serve our patients, research participants,
colleagues, and others. It is also necessary for
compliance with tax and financial reporting
requirements.
ƒƒ We maintain accounting records according to
generally accepted accounting principles.
ƒƒ We maintain a system of internal controls to
ensure accuracy and completeness in
documenting, maintaining, and reporting financial
information.
ƒƒ We cooperate fully with internal and external
auditors and any regulatory agencies that examine
our books and records.
SECTION FOUR: FINANCIAL AND BUSINESS STANDARDS :: 39
SAFEGUARDING OUR ASSETS
Our “assets” include more than facilities, property, equipment,
inventory, office supplies, and funds. Our assets also include
employee time, business strategies, financial data, computer
software, patents, trademarks, inventions and devices, as
well as intangible intellectual property and other information.
Everyone is responsible for using corporate assets properly.
ƒƒ We take appropriate steps to protect corporate assets
against loss, theft, or misuse. We report possible loss or
theft to our supervisor.
ƒƒ We handle any purchase, transfer, or sale of
assets in accordance with applicable policies
and procedures.
ƒƒ We follow intellectual property laws.
ƒƒ We e-mail sensitive electronic information securely
according to policies and procedures including encryption
of PHI when emailing to third parties (outside Duke
email system), and use encryption when storing sensitive
information on mobile devices.
CONTRACTS
We employ the highest business standards in selecting,
negotiating, and approving all contracts with third parties.
ƒƒ We maintain confidentiality regarding pricing and terms
of contracts.
ƒƒ We do not use materials, equipment, or other assets for
purposes not directly related to business or without prior
approval from our respective supervisors, except for limited
personal convenience.
ƒƒ In contracting with vendors, insurance companies, and
other contractors, we comply with all laws and regulations,
including the receipt of fair market value in the payment
and receipt of services and products.
ƒƒ We do not photocopy or distribute material from books,
periodicals, computer software, or other sources if doing
so would violate copyright laws.
ƒƒ We inform consultants, service providers, vendors, and
other contractors that they are expected to comply with
this Code.
SECTION FOUR: FINANCIAL AND BUSINESS STANDARDS :: 40
WE WANT YOUR FEEDBACK
Section
5
It is critical that our Compliance Program is effectively
communicated throughout all levels of the organization.
Compliance is the responsibility of all members of
Duke Health. The Compliance Program and this Code
may be modified to reflect future changes in laws and
regulations or to improve compliance communication.
Please submit your Compliance Program suggestions to
the respective Compliance Office.
COMPLIANCE OFFICES
DUHS Compliance Office: To reach the DUHS Compliance
Office with any compliance questions or concerns, please
call 919-668-2573 or the DUHS Integrity Line at 800-8268109, send an e-mail to [email protected], or
visit our Web site at: intranet.dm.duke.edu/compliance.
Office of Audit Risk and Compliance (ORAC): For
SOM/SON questions or concerns contact DECO at
919-684-2475 or the Duke University Compliance and
Fraud Hotline at 800-849-9793, send an e-mail to deco@
duke.edu, or visit the Web site at: compliance.duke.edu.
SECTION FIVE: WE WANT YOUR FEEDBACK :: 42
COMPLIANCE OFFICES, continued
For SOM/SON questions or concerns contact the
Duke University Office of Audit, Risk & Compliance at
919-684-2475, send an e-mail to [email protected], or visit our
Web site at: compliance.duke.edu
INTEGRITY IN ACTION
You may contact the Human Resource Office at your facility regarding Human Resources issues. If you have questions about the
Code, the Compliance Program, a privacy or security issue, or need additional information, contact:
DUHS Compliance Office............................................................................................................ 919-668-2573
DUHS Integrity Line 1-800-826-8109
Other DUHS Contacts:
Davis Ambulatory Surgery Center.......................................................................................919-470-1008
Duke Raleigh Hospital...........................................................................................................919-862-5936
Duke Regional Hospital....................................................................................................... 919-613-6880
Duke University Hospital..................................................................................................... 919-613-6880
Duke Home Care and Hospice............................................................................................. 919-620-3853
DUHS Diagnostic Services.................................................................................................... 919-681-8878
Duke Primary Care.................................................................................................................919-613-6392
Duke Connected Care........................................................................................................... 919-668-2573
Patient Revenue Management Organization.................................................................... 919-684-6026
Private Diagnostic Clinic Compliance Office..............................................................................919-613-6459
Duke University Office of Audit, Risk & Compliance............................................................... 919-684-2475
University Ethics and Fraud Hotline 1-800-849-9793
SECTION FIVE: WE WANT YOUR FEEDBACK :: 43
Produced by DUHS Compliance Office ©2016 Duke University Health System RL003274
INTEGRITY In ACTION
Compliance Program
By signing this form, I acknowledge that I have been oriented to the Duke Health
Compliance Program, have received my personal copy of the Duke Health
Code of Conduct, and agree to abide by its terms, as it may be amended from time to time.
Signature (sign above)
Name (as it appears on social security card; please print above)
Date
Employer/ Entity
Department and Supervisor
Please complete, sign, and mail
copy of form to:
DUHS COMPLIANCE OFFICE
DUMC 3162
DURHAM, NC 27710
Keep a copy for your supervisor. Thank you.